How to manage your passwords with Bitwarden, a LastPass alternative

Learn how to set up and use open source password manager Bitwarden.

Subscribe now

Get the highlights in your inbox every week.

Do you ever feel you have more passwords than you can keep track of? It's probably more than just a feeling. Like most of us, you probably have a hard time remembering all those passwords, no matter how simple or complex they are.

Many people turn to popular services like LastPass and 1Password to help them wrangle their passwords. While solid, those services are also proprietary and closed source. So where can an open source enthusiast turn to find an alternative?

Note: I'm not going to cover all Bitwarden's features in this article, just its core password management ones. You've been warned.

Getting started

Sign up for an account. It's free (although there are also paid plans). Your account gives you access to a secure space (called a vault) to store your passwords.

When you're signing up, you'll be asked to create a master password. That's the one that will keep your other passwords safe. It's in your best interest to make your master password as strong and complex as you can—and as you can remember.

If you want a little more control and to embrace your inner geek, you can grab the source code on GitHub and install Bitwarden on your server. There's even a Docker image.

Me? I went with the hosted edition. I know ...

Once you've set up your account, grab the Bitwarden extension for one of the supported browsers (you probably use at least one of them): Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave (you can install the extension from within the browser), or Tor Browser.

Now you're ready to go.

Using Bitwarden

You've got your Bitwarden account set up and the browser extension installed. Now what? Head over to a website that you want to sign up for or where you already have an account. When you enter your username and password, Bitwarden will ask you if you want to save your login information. Click Yes, Save Now.

The browser extension has a setting that automatically fills in your username and password. You can enable that by clicking the Bitwarden icon, selecting Settings, and clicking Options. From there, click Enable Auto-fill On Page Load. I don't use that feature—I've run into sites where it didn't work. Anyway, an extra click isn't going to do me any harm.

Importing your passwords from another service

What if you're using another password manager and want to move to Bitwarden? You definitely don't want to type in all those logins again, do you? Bitwarden has an import function that you can use to import passwords from a couple dozen other tools, including LastPass, 1Password, KeePass, and several web browsers.

The import is surprisingly quick, even with a large number of passwords. Just remember to securely delete the import file after you've done the deed. You don't want to leave the keys to your various kingdoms lying around, especially if they're not encrypted.

How safe is it?

How safe is anything, really? The folks behind Bitwarden try to make it as secure as possible. Things can happen, though, and someone could breach your account.

It always helps, as I mentioned earlier in this article, to have a strong, complex master password. You can also set up two-factor authentication to further harden your account.

If you decide to use Bitwarden, the only advice I can give you is to not store logins to financial institutions or other sites that contain sensitive information. In the end, it's up to you to decide how and with what you use Bitwarden.

Final thought

Until about a year ago, I was a dedicated user of LastPass. But Bitwarden won me over. While it might not have all the bells and whistles of its competitors, Bitwarden does what I need it to do, and it does it securely.

Topics

About the author

Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself all that seriously and I do all of my own stunts.
You can find me at these fine establishments on the web: Open Source Musings, The Plain Text Project, The...

3 Comments

Thanks for the overview! I have one question regarding your comment on "not stor[ing] logins to financial institutions or other sites that contain sensitive information". From my understanding one of the main reasons to use a password manager is to let them create long, random passwords, which make it harder to get hacked. If I don't use it for my sensitive stuff, I will fall back to strings I can remember and which are therefore (often) easier to hack. Wouldn't you want a password manager especially for the sensitive stuff? Or would you then use something like this offline: https://gist.github.com/NonlinearFruit/7b6f72f97f0d70086f3f229fbf23850f ?

For really sensitive stuff, I'd use a desktop password manager like KeePassX or Pass along with longer, more complex, and hard-to-remember passwords. That way, I have a bit more control over the password store. But for a majority of my web logins, Bitwarden is my tool of choice.

Footer

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat.

Opensource.com aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. Red Hat and the Red Hat logo are trademarks of Red Hat, Inc., registered in the United States and other countries.